• Avast saying my old Facepunch password got leaked?
    8 replies, posted
Not sure if this is the right place to ask, never really asked a question like this before on Facepunch, but Avast recently noted a "password breach" - going all the way back to 01 July 2016, mind you - on here. I realize it's more than likely nothing - not like Facepunch uses passwords anymore for - but I'm not entirely sure why it decided to inform me of a "breach" going back to 2016. Were there any actual password leaks on Facepunch in July of 2016 and should I - if I'm even able to - change my password for Facepunch?
From what I remember it wasn't an actual password leak, but they did reset passwords as a cautionary measure. But I don't remember all of the details, was so long ago now. it was some really insane Vbulletin bug bullshit. Honestly I thank garry for at least getting away from that garbage.
Ah, right, thanks. I realize I'm being a paranoid android here but, hey, better safe than sorry.
Passwords leaked some years back, and that's probably one of the reasons Garry wanted to move away from the old forum software. Facepunch no longer stores passwords, and instead uses 3'rd party authenticators like Google, Twitter, etc. Basically, the old password leak would only be relevant to users who haven't migrated their old account to the new forums yet.
Salted password hashes got leaked. The only way anyone could ever use this is if they stole your session cookies. I have no clue about this shit though so I could also just have spread fake news.
That's the detail I forgot. Even if we still had passwords, it'd still be useless. Effectively, useless data was leaked.
https://files.facepunch.com/forum/upload/1755/0c52f68f-e092-442e-9f67-f7a23503e8da/image.png nice.
Lol no idea how it just ate my link
Sorry, you need to Log In to post a reply to this thread.